Lucene search
HistoryNov 16, 2010 - 12:00 a.m.
SuSE Update for glibc SUSE-SA:2010:052

2010-11-1600:00:00
plugins.openvas.org
0.112 Low
EPSS
Percentile
94.6%
JSON
Check for the Version of glibc
###############################################################################
# OpenVAS Vulnerability Test
#
# SuSE Update for glibc SUSE-SA:2010:052
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "The Linux C library glibc was updated to fix critical security issues and several bugs:

  CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_
  environment variables allowed local attackers to execute code in
  context of e.g. setuid root programs, elevating privileges.
  This specific issue did not affect SUSE as an assertion triggers
  before the respective code is executed. The bug was fixed by this
  update nevertheless.

  CVE-2010-3856: The LD_AUDIT environment was not pruned during setuid
  root execution and could load shared libraries from standard system
  library paths.
  This could be used by local attackers to inject code into setuid root
  programs and so elevated privileges.

  Both of these were found by Tavis Ormandy and we thank him for finding
  and reporting those issues.

  SUSE Linux Enterprise Server 9 is not affected by the above problems,
  as its glibc does neither support LD_AUDIT nor the $ORIGIN expansion
  required by the first problem.

  On openSUSE 11.1, 11.2 and SUSE Linux Enterprise 10 Service Pack 3
  and SUSE Linux Enterprise 11 GA also the following minor security
  issues were fixed:

  CVE-2010-0830: Integer overflow causing arbitrary code execution
  in ld.so --verify mode could be induced by a specially crafted
  binary. This would require running the code on untrusted code which
  we did not consider likely.

  We thank Dan Rosenberg for reporting this problem.

  CVE-2010-0296: The addmntent() function would not escape the newline
  character properly, allowing the user to insert arbitrary newlines
  to the /etc/mtab; if the addmntent() is run by a setuid mount binary
  that does not do extra input check, this would allow custom entries
  to be inserted in /etc/mtab.

  We thank Dan Rosenberg and Jeff Layton for reporting this problem.


  CVE-2008-1391: The strfmon() function contains an integer overflow
  vulnerability in width specifiers handling that could be triggered
  by an attacker that can control the format string passed to strfmon().

  We thank Maksymilian Arciemowicz for reporting this problem.


  CVE-2010-0015: Some setups (mainly Solaris-based legacy setups)
  include shadow information (password hashes) as so-called &quot;adjunct
  passwd&quot; table, mangling it with the rest of passwd columns instead
  of keeping it in the shadow table. Normally, Solaris will disclose
  this information only to clients bound to a privileged port, but
  when nscd is deployed on the client, getpwnam() would disclose the
  password hashes to all users.  New mode &quot;adjunct as shadow&quot; ...

  Description truncated, for more information please check the Reference URL";
tag_solution = "Please Install the Updated Packages.";

tag_impact = "local privilege escalation";
tag_affected = "glibc on openSUSE 11.1, openSUSE 11.2";


if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.850148");
  script_version("$Revision: 8469 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $");
  script_tag(name:"creation_date", value:"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name: "SUSE-SA", value: "2010-052");
  script_cve_id("CVE-2008-1391", "CVE-2010-0015", "CVE-2010-0296", "CVE-2010-0830", "CVE-2010-3847", "CVE-2010-3856");
  script_name("SuSE Update for glibc SUSE-SA:2010:052");

  script_tag(name: "summary" , value: "Check for the Version of glibc");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "openSUSE11.1")
{

  if ((res = isrpmvuln(pkg:"glibc", rpm:"glibc~2.9~2.13.1", rls:"openSUSE11.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-devel", rpm:"glibc-devel~2.9~2.13.1", rls:"openSUSE11.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-html", rpm:"glibc-html~2.9~2.13.1", rls:"openSUSE11.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-i18ndata", rpm:"glibc-i18ndata~2.9~2.13.1", rls:"openSUSE11.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-info", rpm:"glibc-info~2.9~2.13.1", rls:"openSUSE11.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-locale", rpm:"glibc-locale~2.9~2.13.1", rls:"openSUSE11.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-obsolete", rpm:"glibc-obsolete~2.9~2.13.1", rls:"openSUSE11.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-profile", rpm:"glibc-profile~2.9~2.13.1", rls:"openSUSE11.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"nscd", rpm:"nscd~2.9~2.13.1", rls:"openSUSE11.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-32bit", rpm:"glibc-32bit~2.9~2.13.1", rls:"openSUSE11.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-devel-32bit", rpm:"glibc-devel-32bit~2.9~2.13.1", rls:"openSUSE11.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-locale-32bit", rpm:"glibc-locale-32bit~2.9~2.13.1", rls:"openSUSE11.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-profile-32bit", rpm:"glibc-profile-32bit~2.9~2.13.1", rls:"openSUSE11.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "openSUSE11.2")
{

  if ((res = isrpmvuln(pkg:"glibc", rpm:"glibc~2.10.1~10.9.1", rls:"openSUSE11.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-devel", rpm:"glibc-devel~2.10.1~10.9.1", rls:"openSUSE11.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-html", rpm:"glibc-html~2.10.1~10.9.1", rls:"openSUSE11.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-i18ndata", rpm:"glibc-i18ndata~2.10.1~10.9.1", rls:"openSUSE11.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-info", rpm:"glibc-info~2.10.1~10.9.1", rls:"openSUSE11.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-locale", rpm:"glibc-locale~2.10.1~10.9.1", rls:"openSUSE11.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-obsolete", rpm:"glibc-obsolete~2.10.1~10.9.1", rls:"openSUSE11.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-profile", rpm:"glibc-profile~2.10.1~10.9.1", rls:"openSUSE11.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"nscd", rpm:"nscd~2.10.1~10.9.1", rls:"openSUSE11.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-32bit", rpm:"glibc-32bit~2.10.1~10.9.1", rls:"openSUSE11.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-devel-32bit", rpm:"glibc-devel-32bit~2.10.1~10.9.1", rls:"openSUSE11.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-locale-32bit", rpm:"glibc-locale-32bit~2.10.1~10.9.1", rls:"openSUSE11.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-profile-32bit", rpm:"glibc-profile-32bit~2.10.1~10.9.1", rls:"openSUSE11.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}
References

2010-052
0.112 Low
EPSS
Percentile
94.6%
JSON
Related for OPENVAS:1361412562310850148